Enable different Apache modules
NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:
$ test ! -f "installdir/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.
LDAP
Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:
Enable the LDAP module. Edit the main Apache configuration file located at installdir/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:
... LoadModule authnz_ldap_module modules/mod_authnz_ldap.so ... LoadModule ldap_module modules/mod_ldap.soRestart Apache server and check it is already enabled:
$ sudo installdir/ctlscript.sh restart apache $ installdir/apache2/bin/apachectl -M | grep ldap ... authnz_ldap_module (shared) ldap_module (shared) ...
mod_evasive
Follow these steps:
Download the latest version:
$ git clone https://github.com/jzdziarski/mod_evasive/Build, configure and install the module:
$ cd mod_evasive $ cp mod_evasive{20,24}.c $ sed s/remote_ip/client_ip/g -i mod_evasive24.c $ sudo apxs -i -a -c mod_evasive24.cUpdate the Apache module configuration:
$ echo Include conf/modevasion.conf | sudo tee -a installdir/apache2/conf/httpd.conf $ sudo tee installdir/apache2/conf/modevasion.conf <<EOF #increases size of hash table. Good, but uses more RAM." DOSHashTableSize 3097" #Interval, in seconds, of the page interval." DOSPageInterval 1" #Interval, in seconds, of the site interval." DOSSiteInterval 1" #period, in seconds, a client is blocked. The counter is reset to 0 with every access within this interval." DOSBlockingPeriod 10" #threshold of requests per page, per page interval. If hit == block." DOSPageCount 2" #threshold of requests for any object by the same ip, on the same listener, per site interval." DOSSiteCount 50" #locking mechanism prevents repeated calls. email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")" DOSEmailNotify mbrown@domainy.com" #locking mechanism prevents repeated calls. A command can be executed when a host is blocked. %s is the host IP." #DOSSystemCommand \"su - someuser -c \'/sbin/... %s ...\'\"" #DOSLogDir \"/var/lock/mod_evasive\"" #whitelist an IP., leverage wildcards, not CIDR, like 127.0.0.*" #DOSWhiteList 127.0.0.1" EOFRestart Apache:
$ sudo installdir/ctlscript.sh restart apache
mod_proxy_html
Follow these steps:
Approach A: Bitnami installations using system packages
Install the libxml2 development system package:
Debian:
$ sudo apt-get install libxml2-devCentOS:
$ sudo yum install libxml2-devel
Download the latest version and extract the contents:
$ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2 $ tar -jxf mod_proxy_html.tar.bz2 $ cd mod_proxy_html/Install the module:
$ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_proxy_html.c $ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_xml2enc.c $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.soEnable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:
LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so
Approach B: Self-contained Bitnami installations
Download the latest version and extract the contents:
$ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2 $ tar -jxf mod_proxy_html.tar.bz2 $ cd mod_proxy_html/Install the module:
$ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_proxy_html.c $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_xml2enc.c $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.soEnable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:
LoadFile installdir/common/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so
mod_security
Approach A: Bitnami installations using system packages
Bitnami stacks using system packages already ship the mod_security3 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:
Enable the mod_security3 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security3 line at the end of the LoadModule section:
... LoadModule unique_id_module modules/mod_unique_id.so ... LoadModule security3_module modules/mod_security3.soEnable ModSecurity in each virtual host file. For example, add the following configuration to the installdir/apache2/conf/vhosts/APPNAME-vhost.conf file:
<VirtualHost _default_:80> ... <Directory "/path/to/htdocs"> ... modsecurity on modsecurity_rules_file "conf/modsecurity.conf"Restart the Apache server:
$ sudo installdir/ctlscript.sh restart apache $ tail installdir/apache2/logs/error_log ... [Thu Jun 04 16:42:24.775180 2020] [:notice] [pid 4634:tid 140252742151040] ModSecurity: ModSecurity-Apache v0.1.1-beta configured. ...
Approach B: Self-contained Bitnami installations
Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security2 line at the end of the LoadModule section:
... LoadModule unique_id_module modules/mod_unique_id.so ... LoadModule security2_module modules/mod_security2.soAdd the default configuration file for mod_security at the end of the Apache configuration file:
Include "installdir/apache2/conf/modsecurity.conf"Restart Apache server and check it is already enabled:
$ sudo installdir/ctlscript.sh restart apache $ tail installdir/apache2/logs/error_log ... [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured. ...
In some older stack versions, it is necessary to download an additional file for this module. Use the following commands:
$ cd installdir/apache2/conf
$ sudo wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v2/master/unicode.mapping
mod_xsendfile
Approach A: Bitnami installations using system packages
Follow these steps:
Download the latest version of the module:
$ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gzExtract the content and install the module:
$ tar -xzvf mod_xsendfile-0.12.tar.gz $ cd mod_xsendfile-0.12 $ sudo apxs -aci mod_xsendfile.c
If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.
Approach B: Self-contained Bitnami installations
Bitnami LAMP/MAMP/WAMP stacks 5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:
LoadModule xsendfile_module modules/mod_xsendfile.so
If you are using an older version, it is easy to install this module into your existing Apache server. Follow the steps below: * First, install the necessary compilation tools to be able to build the Apache extension. On Ubuntu/Debian you can do it with the following command:
$ sudo apt-get install build-essential
Download the latest version of the module:
$ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gzExtract the content and install the module:
$ tar -xzvf mod_xsendfile-0.12.tar.gz $ cd mod_xsendfile-0.12 $ sudo installdir/apache2/bin/apxs -aci mod_xsendfile.c
If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.
mod_http2
Bitnami stacks ship with the mod_http2 module installed, but it is not enabled by default. To enable this module, follow these steps:
Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and uncomment the line below so that it looks like this:
... LoadModule http2_module modules/mod_http2.soRestart Apache and confirm that the module is active:
$ sudo installdir/ctlscript.sh restart apache $ sudo apachectl -M | grep http2
mod_remoteip
Bitnami stacks ship with the mod_remoteip module installed, but it is not enabled by default. To enable this module, follow these steps:
Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and add the line shown below:
... LoadModule remoteip_module modules/mod_remoteip.soRestart Apache and confirm that the module is active:
$ sudo installdir/ctlscript.sh restart apache $ sudo apachectl -M | grep remoteip
To configure the format in which information is stored in the Apache access log, set the LogFormat value either inside a virtual host configuration file at installdir/apache2/conf/bitnami/bitnami.conf or in the main Apache configuration file at installdir/apache2/conf/httpd.conf.
Additional parameters for the module can be set by creating a file at installdir/apache2/conf/remoteip.conf* file and including it in either the virtual host configuration file or the main Apache configuration file, using the example Include directive shown below:
Include "installdir/apache2/conf/remoteip.conf"